The Nitro client's NodeData parser enforces safety limits (max 1000 offers,
500 children, 20 depth) using Math.min() on the count but the server was
sending all data beyond those limits. The unread bytes left in the buffer
corrupted parsing of subsequent nodes, causing RangeError.
Cap server-side output to match client limits and snapshot offerIds array
to prevent potential race conditions between size() and iteration.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- SQL injection fix: Replaced string concatenation of minPrice/maxPrice with proper parameterized ? placeholders using a paramIndex counter
- IDOR fix: Added user_id ownership check in MarketPlace.takeBackItem() — now verifies the DB user_id matches the requesting player before allowing item retrieval, with warning log on mismatch
- register interaction types wf_act_freeze, wf_act_unfreeze, wf_act_furni_to_user, wf_act_user_to_furni and wf_act_furni_to_furni
- add effect types FREEZE, UNFREEZE, FURNI_TO_USER, USER_TO_FURNI and FURNI_TO_FURNI
- add freeze handling with cancel-on-teleport and cleanup on teleport or room leave
- support furni-to-furni secondary target selection and immediate furni position persistence
- prevent frozen users from walking until they are unfrozen or moved out of the frozen state
- add wf_trg_leave_room, wf_trg_stuff_state, wf_trg_period_short, wf_trg_click_furni, wf_trg_click_tile, wf_trg_click_user and wf_trg_user_performs_action\n- add interaction type room_invisible_click_tile\n- persist selector-driven MatchFurni and ToggleRandom state changes\n- use configured duration in WiredEffectMuteHabbo
Add allow_underpass as a per-room boolean setting that controls whether
avatars can walk under elevated furniture. When disabled (default), the
room behaves normally with blocking items. When enabled, items elevated
above the UNDERPASS_HEIGHT threshold allow walking underneath.
Changes:
- Room: add allowUnderpass field with DB load/save
- RoomTileManager: make all 3 underpass checks conditional on room setting
- RoomItemManager: getWalkableItemAt() falls back when underpass disabled
- RoomSettingsComposer/SaveEvent: send/receive the flag in room settings packet
- SQL migration: add allow_underpass column to rooms table
Co-Authored-By: medievalshell <medievalshell@users.noreply.github.com>
Allow avatars to walk under furniture items placed at a configurable height threshold (default 1.5). When a blocking item is elevated enough above the walk surface, the tile is treated as walkable.
Changes:
- RoomLayout: add UNDERPASS_HEIGHT static field (default 1.5)
- PluginManager: load pathfinder.underpass.height from emulator config
- RoomTileManager: add getUnderpassWalkHeight() method and underpass checks in tile state calculation, stack height, and canWalkAt()
- RoomItemManager: add getWalkableItemAt() method that returns the correct walkable item considering underpass clearance
- RoomUnit: use getWalkableItemAt() in movement cycle for accurate item resolution when walking under elevated furniture
Co-Authored-By: medievalshell <medievalshell@users.noreply.github.com>
- register interaction types wf_act_freeze, wf_act_unfreeze, wf_act_furni_to_user, wf_act_user_to_furni and wf_act_furni_to_furni
- add effect types FREEZE, UNFREEZE, FURNI_TO_USER, USER_TO_FURNI and FURNI_TO_FURNI
- add freeze handling with cancel-on-teleport and cleanup on teleport or room leave
- support furni-to-furni secondary target selection and immediate furni position persistence
- prevent frozen users from walking until they are unfrozen or moved out of the frozen state
DuckieTM